From 690725ccc1b30b98bc7df3e5a8b3d4d7db4179c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Tue, 31 Mar 2026 22:57:37 +0200
Subject: [PATCH] enh: add BSD stubs for CVE-2022-40982 CVE-2023-20569 CVE-2023-23583, detecting unaffected CPUs
---
 src/vulns/CVE-2022-40982.sh | 9 +++++++++
 src/vulns/CVE-2023-20569.sh | 9 +++++++++
 src/vulns/CVE-2023-23583.sh | 9 +++++++++
 3 files changed, 27 insertions(+)
diff --git a/src/vulns/CVE-2022-40982.sh b/src/vulns/CVE-2022-40982.sh
index 87cdd0b..5a07460 100644
--- a/src/vulns/CVE-2022-40982.sh
+++ b/src/vulns/CVE-2022-40982.sh
@@ -97,3 +97,12 @@ check_CVE_2022_40982_linux() {
 pvulnstatus "$cve" "$status" "$msg"
 fi
 }
+
+# CVE-2022-40982 Downfall (gather data sampling) - BSD mitigation check
+check_CVE_2022_40982_bsd() {
+ if ! is_cpu_affected "$cve"; then
+ pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+ else
+ pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
+ fi
+}
diff --git a/src/vulns/CVE-2023-20569.sh b/src/vulns/CVE-2023-20569.sh
index e7793fb..b399809 100644
--- a/src/vulns/CVE-2023-20569.sh
+++ b/src/vulns/CVE-2023-20569.sh
@@ -207,3 +207,12 @@ check_CVE_2023_20569_linux() {
 fi
 fi
 }
+
+# CVE-2023-20569 Inception (SRSO, speculative return stack overflow) - BSD mitigation check
+check_CVE_2023_20569_bsd() {
+ if ! is_cpu_affected "$cve"; then
+ pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+ else
+ pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
+ fi
+}
diff --git a/src/vulns/CVE-2023-23583.sh b/src/vulns/CVE-2023-23583.sh
index c96b95f..1df1ea6 100644
--- a/src/vulns/CVE-2023-23583.sh
+++ b/src/vulns/CVE-2023-23583.sh
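Review bot: The comment above check_CVE_2022_40982_bsd calls it a "BSD mitigation check", but the body performs no mitigation detection: it prints OK when is_cpu_affected returns false and UNK otherwise. I would reword it to `# CVE-2022-40982 Downfall (gather data sampling) - BSD stub: CPU affectedness only, mitigation detection not implemented`, and likewise for check_CVE_2023_20569_bsd and check_CVE_2023_23583_bsd in the later hunks. The three bodies are identical and read `$cve` without setting it, presumably inherited from the caller as in the Linux context line `pvulnstatus "$cve" "$status" "$msg"`; a one-line comment stating that dependency would help. Because the OK verdict rests only on is_cpu_affected, it is worth confirming that the CPU identification it depends on is actually populated on BSD, otherwise an affected machine could be reported as OK.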
@@ -30,3 +30,12 @@ check_CVE_2023_23583_linux() {
 fi
 fi
 }
+
+# CVE-2023-23583 Reptar (redundant prefix issue) - BSD mitigation check
+check_CVE_2023_23583_bsd() {
+ if ! is_cpu_affected "$cve"; then
+ pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+ else
+ pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script"
+ fi
+}
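Review bot: For Reptar the UNK in the else branch of check_CVE_2023_23583_bsd may be more pessimistic than it needs to be, since the fix for CVE-2023-23583 is delivered as a microcode update rather than a kernel-side mitigation. If check_CVE_2023_23583_linux (its body lies outside this hunk) decides on the loaded microcode revision, the same comparison could probably be reused here instead of reporting UNK. Until that is confirmed I would leave a marker in the else branch, e.g. `# TODO: Reptar is fixed by microcode; reuse the revision check from check_CVE_2023_23583_linux if it is OS-independent`.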